On Thu, Oct 7, 2021, at 07:02, Christian Huitema wrote: > Phil, > > What we have in the current LB spec is called a "stream cipher", but > that's a misnomer. What we have in the spec is actually a variable size > block cipher, derived from AES-ECB using a construct similar to FFX. > Your review of that algorithm would be appreciated.
Christian, I would call this a Feistel network, but avoid talking about FFX. FFX has a bunch of guidance about the number of iterations of the network that this ignores; to call this FFX or even imply that it is FFX isn't really fair. When you get right down to it, the real contribution in FFX is the analysis that produces guidance on the number of iterations and the inclusion of tweaks; if you use neither, then it's not really FFX. As additional iterations are necessary to maintain a security level, we need to be careful about the claims we make in relation to security.
